ICO calls for data trading sanctions to be implemented

Tough penalties need to be used to protect personal data, says commissioner

The Information Commissioner Richard Thomas has called for greater use of the tougher penalties possible for those who breach data protection laws.

Thomas told delegates at the Infosecurity Europe that although criminal sentences to punish those who engage in the illegal trading of information have been introduced to the statute books, their implementation has frustratingly been delayed. "I'm still seeking serious deterrent to those who engage in this illegal market," he added.

He acknowledged that overall data protection awareness is improving, although public sector attitudes are still "worrying".

"The emphasis should be on accountability. Security is not just a matter for IT experts – the buck stops at the top and that has to be with the permanent secretaries," he said.

He branded the ICO's current powers "pathetic" and welcomed the forthcoming spot-check powers of organisations recently granted by the Prime Minister. Thomas added that a "modest increase in budget" for the ICO on top of the current annual sum of £10.5 million is also necessary.

He argued that although criminal sentences have been introduced to the statute books to punish those who illegally engage in the trading of information, their implementation has frustratingly been delayed. "I'm still seeking serious deterrent to those who engage in this illegal market," he added.

Lord Erroll, a member of the House of Lords science and technology select committee agreed that strong deterrents need to be introduced to "demotivate the next generation" from turning to online crime.

He added that public sector employees must also be carefully monitored to minimise the insider threat. "There are one or two rotten apples and we need the power to root them out," he argued. "Most of them are underpaid or under pressure and we need to make sure they aren't corrupted – that's why we need these [spot check] powers for the ICO soon.

Data minimisation was also held up as an important discipline which firms have been neglecting up until now. Thomas questioned the logic of allowing the details of 600,000 people to be stored unencrypted on a Ministry of Defence laptop for so long after they were obtained.